Internet of Things, Part 1: God's Gift to the NSA

The fact that IoT technologies are ripe for exploitation by the NSA is just the beginning. The agency now has equipment that lets it ravage the IoT. The Nightstand is a standalone x86 laptop running Linux Fedora Core 3 that can be used to attack PCs running various flavors of Windows. In field operations, it has been used to inject packets into targets up to eight miles away.

By Richard Adhikari
Feb 12, 2014 5:00 AM PT

The United States National Security Agency's salivary glands no doubt started working overtime when it became apparent that technological advances were moving the world toward an Internet of Things -- a world where everything would be connected to everything else wirelessly or over the Web.

Almost two years ago, David Petraeus, then director of the U.S. Central Intelligence Agency, enthused that the IoT would transform surveillance techniques, Wired reported.

The smart home, and smart devices in it, would send tagged data with geolocations that could be intercepted in real time. Items of interest could be located, identified, monitored, and remotely controlled through technologies such as sensor networks and tiny embedded servers, Petraeus said.

The mention of tiny embedded servers may have come to people's minds last month, when news that the NSA had surreptitiously embedded microphone-bearing circuit boards and USB cards into PCs to spy on their users made the headlines.

Cracking the IoT Nut

Getting into IoT devices is not at all difficult.

When consumers' washing machines, dishwashers, thermostats, lights and coffeemakers are all linked to the Internet, either independently or through the home entertainment center's routers, tracking just about every aspect of a target's life will be a breeze.

"Most home users buy a router and use the default settings," Tommy Chin, technical support engineer at Core Security, told TechNewsWorld. "Sometimes the settings are misconfigured by the manufacturer, and they will be exploited by hackers."

Hot Rod Blues

Automakers are pushing smart cars, and Microsoft, Apple and Google are fighting for a share of the in-vehicle infotainment and telematics market, which Accenture has predicted will exceed US$80 billion this year.

Samsung and BMW have jointly developed the "iRemote" application, which lets owners of Samsung's Galaxy Gear smartwatch monitor the doors and batteries of their i3 electric car and change the vehicle's indoor temperature using the device.

Meanwhile, the auto insurance industry is pushing smart devices that plug into a standard car port and monitor how fast and far a car goes, and how it is driven. These devices also report on the car's location.

The amount of user data gathered on people in cars by telematics systems, personal navigation devices and smartphones has spurred an investigation by the U.S. Government Accountability Office, which in December submitted a report to the Senate on this issue.

No Place Like Home

On the home front, LG has rolled out its HomeChat service, which connects users to their kitchen products through the Line smartphone messaging app.

Google recently laid out $3.2 billion for Nest, which makes smart thermostats and smoke alarms that come with a mobile app. The move sparked speculation that Google wanted to better track consumers for the purpose of serving up ads to them.

However, the purchase also could be useful to the NSA, as it would allow it to get even more information on targets when it serves Google with demands for information about them -- a fact not lost on security and privacy advocates.

Nest CEO Tony Fadell waffled when asked last month whether the company would provide information on user habits to Google, only denying that integration of both companies' data was then on the table.

Fashionista Hell

Things will get even more up close and personal. At CES 2014 earlier this year, Intel talked about its plans for wearable devices.

Also, the French National Research Agency is funding research on cooperation in and between wireless body area networks in Project Cormoran.

Saving Us From Ourselves

The fact that IoT technologies are ripe for exploitation by the NSA is just the beginning. The agency now has equipment that lets it ravage the IoT.

The Nightstand -- one of the products in its 50-page catalog of spying devices -- is a standalone x86 laptop running Linux Fedora Core 3 that can be used to attack PCs running various flavors of Windows. In field operations, it has been used to inject packets into targets up to eight miles away.

The NSA also is reported to be harvesting millions of text messages worldwide daily.

The White House's Stance

Pressured by rising anger over the NSA's surveillance activities, President Obama in January outlined some measures to restrict the agency.

However, it was clear that the surveillance would not be terminated.

The U.S. needs to be able to collect data on potential terrorists' communications, Obama said.

Protect Yourself at All Times

Users should protect their home networks to prevent hacks through the IoT, Tripwire's Westin told TechNewsWorld.

They must change the default passwords on home routers; enable the built-in firewalls on the routers; and update their firmware when patches are available.

Manufacturers should use tamper-resistant licensing code for applications that sit at the operating system level, Mathieu Baissac, a security expert at Flexera Software, told TechNewsWorld.

Among other things, Baissac said, manufacturers also should ensure that applications on their devices, mobile device management systems and other products "have an easy, automated mechanism for getting the latest security patches and updates as fast as possible."

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.